TCC 2006 Research on Password-Authenticated Group Key Exchange Jeong Ok Kwon, Ik Rae Jeong, and Dong Hoon Lee (CIST, Korea Univ.) Kouchi Sakurai (Kyushu.

Presentation transcript:

TCC 2006 Research on Password-Authenticated Group Key Exchange Jeong Ok Kwon, Ik Rae Jeong, and Dong Hoon Lee (CIST, Korea Univ.) Kouchi Sakurai (Kyushu Univ.) March 5, 2006

Motivation
A fundamental problem in cryptography is how to communicate securely over an insecure channel.
[Figure labels: sk; data privacy/integrity]

Motivation
How can we obtain a secret session key?
Public-key encryption or signature
–too high for certain applications
Password-Authenticated Key Exchange (PAKE)
–PAKE allows specified parties to share a secret key using just a human-memorable password.
–convenience, mobility, and less hardware requirement
–no security infrastructure

Classification of PAKE

Our research topic on PAKE - Password-Authenticated Group Key Exchange (PAGKE) -

PAGKE: Setting
A broadcast group consisting of a set of users
–each user holds a low-entropy secret (pw)
[Figure labels: Group with sk; pw]

Previous Works
Efficient Password-Based Group Key Exchange (Trust-Bus 04) - S. M. Lee, J. Y. Hwang, and D. H. Lee.
–a provably secure constant-round PAGKE protocol
–forward-secure and secure against known-key attacks
–ideal-cipher and ideal-hash assumptions
Password-based Group Key Exchange in a Constant Number of Rounds (PKC 06) - Abdalla, E. Bresson, O. Chevassut, and D. Pointcheval.
–a provably secure constant-round PAGKE protocol
–secure against known-key attacks
–ideal-cipher and ideal-hash assumptions

Our Goal
The focus of this work is to provide a provably-secure constant-round PAGKE protocol without using the random oracle model.

Preliminary for protocol
Public information
–G : a finite cyclic group of order q
–p : a safe prime such that p=2q+1
–g_1, g_2 : generators of G
–H : a one-way hash function
–F : a pseudo random function family

Burmester and Desmedt's Protocol
[Figure labels: U1, U2, U3, U4; R1, R2]
M. Burmester and Y. Desmedt. A Secure and Efficient Conference Key Distribution System, In Proc. of EUROCRYPT 94.

Protocol
[Figure labels: U1, U2, U3, U4; R1, R2]

Security Measurement
Security theorem
where t is the maximum total game time including an adversary's running time, and an adversary makes q_ex execute-queries and q_se send-queries. n is the upper bound of the number of the parties in the game, N_s is the upper bound of the number of sessions that an adversary makes, and PW is the size of a password space.
Under the intractability assumption of the DDH problem and if F is a secure pseudo random function family, the proposed protocol is secure against dictionary attacks and known-key attacks, and provides forward secrecy.

Thank you! Jeong Ok Kwon